ReportizFlow
Filtered by vendor Cyberark
Subscriptions
Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25738 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 5.5 Medium |
| CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | ||||
| CVE-2020-25374 | 1 Cyberark | 1 Privileged Session Manager | 2024-11-21 | 2.6 Low |
| CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | ||||
| CVE-2019-9627 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 7.0 High |
| A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | ||||
| CVE-2019-7442 | 1 Cyberark | 1 Enterprise Password Vault | 2024-11-21 | N/A |
| An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | ||||
| CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-11-21 | N/A |
| CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | ||||
| CVE-2018-9843 | 1 Cyberark | 1 Password Vault | 2024-11-21 | N/A |
| The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | ||||
| CVE-2018-9842 | 1 Cyberark | 1 Password Vault | 2024-11-21 | N/A |
| CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | ||||
| CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | N/A |
| CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | ||||
| CVE-2018-13052 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | N/A |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | ||||
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | N/A |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | ||||
| CVE-2024-42337 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-42338 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | 8.3 High |
| CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | ||||
| CVE-2024-42339 | 1 Cyberark | 1 Identity | 2024-08-30 | 4.3 Medium |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||